
Our hot wallet security design and protocol

We previously shared on our site that cold wallets are the safest method for storing large amounts of digital assets. However, because exchanges require frequent processing of users’ deposits and withdrawals, cold wallets can only be one part of the technical solution. Hot wallets are an essential supplement.

Safely operating hot wallets poses greater technical challenges compared to the operation of cold wallets. The semi-offline multisignature technology created by OKX provides fast, convenient, and safe digital asset deposits and withdrawals while ensuring asset security.

Hot wallet architecture on OKX

OKX's hot wallet system uses multiple technical solutions, including online and semi-offline risk-management systems, semi-offline multisignature services, big data risk-management systems and other protection mechanisms to ensure the security of private keys. All user-asset deposit and withdrawal processes need to be verified by multiple risk-management mechanisms before being broadcast to the blockchain for confirmation.

OKX Hot Wallet

Security of private key storage

The private key is never written to persistent storage on a semi-offline server. It is held only in volatile memory while the signing service is active, so a server that is stolen or physically attacked does not yield the key once it loses power.

Semi-offline signature service

The semi-offline signature service does not communicate over ordinary TCP/IP. The signing servers exchange data with the online systems through a purpose-built communication protocol, so an attacker who compromises the online systems has no network path through which to extract the private key from a semi-offline server.

Multiple authorization mechanisms

OKX uses a multisignature scheme. The private key holders are strictly isolated from one another, so no single holder can authorize a signature alone or abuse their position.

Emergency plan for private key backup

Backup private keys can be activated under several defined emergency scenarios, each with its own procedure and time limit.


Private key generation

- Three private keys are generated independently from random data and then encrypted. The resulting ciphertext is stored in the semi-offline signature device, and each key is assigned to a different private key holder.

- No two private key holders may travel together in the same vehicle, and all three must never be in the same country at the same time.

Private key backup

- Each private key has a backup.

- The backups are stored in bank safes in three separate countries.

Conditions to enable the master private key


- Two of the three private key holders must authorize, each from a separate high-security physical location, to activate the semi-offline signature service.

- Once activated, the private key exists only in the device's RAM inside a secured physical space. It is never written to persistent storage, so an attack on the space or theft of the device does not expose the key.

Conditions to enable the backup private key

- If any private key holder has a personal accident that potentially results in the permanent loss of the private key, including death or amnesia, we will enable the backup private key within 48 hours.

- If any private key holder is deliberately targeted in a way that could lead to loss of the private key, such as blackmail or kidnapping, withdrawals are paused immediately. Within 48 hours the backup private key is activated and the original holder's password is discarded. The private key file stored in the physical device is then updated and a new private key holder is appointed.

- If any private key holder is temporarily unable to perform their duties due to an accident or participation in highly confidential work, we will enable the backup private key within 30 days.

OKX's hot wallet tracks all transactions on the blockchain via the Blockchain Gateway Service. When the system detects a transaction involving an OKX address, it passes it to the Vault System, which records the transaction in a secure database and sends the user's deposit information to OKX's Online Risk-Management System to check the validity of the address.

For transactions that are being deposited into OKX, the Online Risk-Management System then checks the validity of the funds, as well as deposit frequency and amount.

If the deposit transaction fails to pass the system’s risk-control checks, the funding to the given user's OKX account will be delayed by the Treasury Service. If the transaction passes all of these checks, the user's account will be credited in real time.

In regard to withdrawals from OKX, the Online Risk-Management System checks withdrawal frequency. It also checks for abnormalities in profits and account behavior.

Withdrawal transactions that pass the above checks of the Online Risk-Management System are sent to the Vault System, which automatically builds an unsigned transaction. The unsigned transaction is handed to the Signature Task and passed to the semi-offline multisig stage over the semi-offline signature service described above. Because that link is not ordinary TCP/IP, an attacker with a foothold in the online systems has no route to the signing servers, and the private key there exists only in RAM in any case.

OKX's hot wallet system has a second layer of risk management at this point: semi-offline risk management. This system examines the unsigned transaction independently, checking its frequency and amount against its own regularly updated database rather than trusting the verdict of the online tier. Only when the unsigned transaction passes all semi-offline risk-management checks is it signed (multisig) and returned to the Vault System. The signed transaction is then passed to both the Treasury Service and the Blockchain Gateway Service for broadcast to the appropriate blockchain network.

If an unsigned transaction fails any of these checks, the semi-offline multisig stage delays or refuses to sign it and sends a report to the Online Risk-Management System. Through these processes the hot wallet system can halt large withdrawals by malicious users within a short time, and a compromise of the online systems alone does not give an attacker the ability to sign transactions.
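The withdrawal path above is easiest to reason about as two risk tiers that do not trust each other, with the signer checking the exact bytes it is asked to sign and refusing unless two of the three key holders are active. The following model is an added example written for this page; it is not OKX's code and does not reproduce its protocol. All limits, window sizes, holder names and the user/address values are hypothetical, the XOR "wrapping" of keys at rest and the HMAC "signature shares" are stand-ins for real key encryption and real multisignature shares, and the sample withdrawals are constructed inline.

```python
import hashlib
import hmac
import json
import os
from dataclasses import dataclass

# Hypothetical limits: the page gives no numbers, windows or risk features.
ONLINE_MAX_AMOUNT, ONLINE_MAX_PER_WINDOW = 10.0, 3
OFFLINE_MAX_AMOUNT, OFFLINE_MAX_PER_WINDOW = 5.0, 2   # second tier keeps its own table
WINDOW_SECONDS = 3600
THRESHOLD = 2                                          # two of three holders must be active


@dataclass
class Withdrawal:
    user_id: str
    to_address: str
    amount: float
    ts: float


class RiskSystem:
    """Sliding-window amount/frequency checks. One instance serves the online
    tier; a separate one, with its own limits and history, serves the
    semi-offline tier, so the signer never relies on the online verdict."""

    def __init__(self, max_amount, max_per_window, window=WINDOW_SECONDS):
        self.max_amount, self.max_per_window, self.window = max_amount, max_per_window, window
        self.history = {}  # user_id -> timestamps of withdrawals this tier accepted

    def check(self, w):
        recent = [t for t in self.history.get(w.user_id, []) if w.ts - t < self.window]
        if w.amount > self.max_amount:
            return False, f"amount {w.amount} over limit {self.max_amount}"
        if len(recent) >= self.max_per_window:
            return False, f"{len(recent)} withdrawals already in window"
        self.history[w.user_id] = recent + [w.ts]
        return True, "ok"


def create_unsigned_tx(w):
    """Vault System step: canonical encoding of exactly what will be signed."""
    d = {"user": w.user_id, "to": w.to_address, "amount": w.amount, "ts": w.ts}
    return json.dumps(d, sort_keys=True, separators=(",", ":")).encode()


def wrap_key(raw, passphrase):
    """Toy wrapping (XOR with a hash) so the key at rest is ciphertext; a real
    device would use a KDF plus authenticated encryption. XOR is its own inverse."""
    return bytes(a ^ b for a, b in zip(raw, hashlib.sha256(passphrase).digest()))


class SemiOfflineSigner:
    """Holds three wrapped keys at rest; a raw key exists only in `active`
    (stand-in for device RAM) while its holder has authorised it."""

    def __init__(self, wrapped, risk, threshold=THRESHOLD):
        self.wrapped, self.risk, self.threshold = wrapped, risk, threshold
        self.active = {}     # holder_id -> raw key, present only while activated
        self.reports = []    # refusals reported back to the online tier

    def activate(self, holder_id, passphrase):
        self.active[holder_id] = wrap_key(self.wrapped[holder_id], passphrase)

    def deactivate(self, holder_id):
        self.active.pop(holder_id, None)

    def sign(self, unsigned_tx):
        d = json.loads(unsigned_tx)   # re-check the bytes being signed, not a side channel
        w = Withdrawal(d["user"], d["to"], d["amount"], d["ts"])
        if len(self.active) < self.threshold:
            return None, self._refuse(w, f"fewer than {self.threshold} key holders active")
        ok, reason = self.risk.check(w)
        if not ok:
            return None, self._refuse(w, reason)
        # HMAC over the canonical tx stands in for each holder's signature share.
        sigs = {h: hmac.new(k, unsigned_tx, "sha256").hexdigest() for h, k in self.active.items()}
        return {"tx": unsigned_tx.decode(), "signatures": sigs}, None

    def _refuse(self, w, reason):
        self.reports.append({"user": w.user_id, "amount": w.amount, "reason": reason})
        return reason


def verify_signed(signed, keys, threshold=THRESHOLD):
    """Gateway-side check that at least `threshold` distinct holders signed the tx."""
    tx = signed["tx"].encode()
    good = [h for h, s in signed["signatures"].items() if h in keys and
            hmac.compare_digest(s, hmac.new(keys[h], tx, "sha256").hexdigest())]
    return len(good) >= threshold


def process_withdrawal(online, signer, w):
    """End-to-end path: online risk tier -> vault -> semi-offline tier."""
    ok, reason = online.check(w)
    if not ok:
        return {"stage": "online", "signed": None, "reason": reason}
    signed, reason = signer.sign(create_unsigned_tx(w))
    if signed is None:
        return {"stage": "semi-offline", "signed": None, "reason": reason}
    return {"stage": "broadcast", "signed": signed, "reason": "ok"}


def demo():
    keys = {h: os.urandom(32) for h in "ABC"}        # three independently generated keys
    pw = {h: os.urandom(16) for h in "ABC"}          # one passphrase per holder (hypothetical)
    signer = SemiOfflineSigner({h: wrap_key(keys[h], pw[h]) for h in keys},
                               RiskSystem(OFFLINE_MAX_AMOUNT, OFFLINE_MAX_PER_WINDOW))
    online = RiskSystem(ONLINE_MAX_AMOUNT, ONLINE_MAX_PER_WINDOW)
    t0, r = 1_700_000_000.0, {}
    signer.activate("A", pw["A"])                    # one holder alone is not enough
    r["one_holder"] = process_withdrawal(online, signer, Withdrawal("u1", "addr1", 1.0, t0))
    signer.activate("B", pw["B"])                    # second holder authorises elsewhere
    r["normal"] = process_withdrawal(online, signer, Withdrawal("u1", "addr1", 1.0, t0 + 1))
    # Passes the online limit (10) but not the semi-offline table (5): refused and reported.
    r["large"] = process_withdrawal(online, signer, Withdrawal("u1", "addr1", 8.0, t0 + 2))
    # Fourth request inside the window: stopped by online frequency check, never reaches signer.
    r["too_frequent"] = process_withdrawal(online, signer, Withdrawal("u1", "addr1", 1.0, t0 + 3))
    signer.deactivate("A")                           # holder withdraws: key leaves memory
    r["after_deactivate"] = process_withdrawal(online, signer, Withdrawal("u2", "addr2", 1.0, t0 + 4))
    r["verified"] = verify_signed(r["normal"]["signed"], keys)
    r["reports"] = list(signer.reports)
    return r


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

The point of the model is the placement of the checks: `SemiOfflineSigner.sign` parses the unsigned transaction it actually receives and runs its own `RiskSystem` over it, so a lenient or compromised online tier cannot push an oversized withdrawal through, and a key is usable only while its holder's activation is present in memory. Run the file directly to see each stage's verdict and the refusal reports the signer would hand back to the online tier.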

Highlights of the OKX security protocol

Private key material is not held in one place: the three keys are assigned to three separate holders, and their backups are kept in bank safes in three different countries.

Each private key has a backup in the event of unforeseen accidents to the private key holder.

There are multiple contingency scenarios in regards to the backup private key activation, which accounts for unpredictable scenarios including death, amnesia, loss of contact etc.

Through the semi-offline signature service, the private key is held only in RAM on a device that is not connected to the internet, which counters both online attacks and physical attacks on the device.

There are multiple risk-control detection mechanisms to prevent suspicious assets from flowing in or out of OKX.

Targets that our security protocol hopes to achieve

Simultaneously prevent both network attacks and physical attacks, while keeping the private key secure.

Operate and maintain multisignature, multi-backup mechanisms, and a comprehensive multi-scenario backup private key activation plan to minimize withdrawal down-time going forward.

Comprehensive risk-control management system to flag and prevent abnormal deposits and withdrawals.